---
project: deckhouse
configVersion: 1
gitWorktree:
  forceShallowClone: true
---
# revisions settings
{{- $editionsSettings := (.Files.Get "editions.yaml" | fromYaml) }}
{{- $_ := set . "Editions" $editionsSettings.editions }}

# checks redactions list
{{- if not $.Editions }}
  {{ fail "Editions list is empty" }}
{{- end }}

{{- $editionsDict := dict }}
{{- range $_, $edition := $.Editions }}
  {{- if not $edition.name }}
     {{ fail printf "Editions name is empty" }}
  {{- end }}
  {{- $_ := set $editionsDict $edition.name "" }}
{{- end }}

{{- if not (hasKey $editionsDict .Env) }}
  {{ fail (printf "Editions name not found %v" .Env) }}
{{- end }}

---
# Base Images
{{- $_ := set . "Images" (.Files.Get "candi/image_versions.yml" | fromYaml) }}
  {{- range $k, $v := .Images }}
    {{ $baseImagePath := (printf "%s%s" $.Images.REGISTRY_PATH (trimSuffix "/" $v)) }}
    {{- if ne $k "REGISTRY_PATH" }}
      {{- $_ := set $.Images $k $baseImagePath }}
    {{- end }}
  {{- end }}
---
# Version Map
{{- $versionMap := dict }}
{{- range $_, $edition := $.Editions }}
 {{- if $edition.versionMapFile }}
   {{- $versionMap = (merge $versionMap ($.Files.Get $edition.versionMapFile | fromYaml) )}}
 {{- end }}
 {{- if eq $.Env $edition.name }}
   {{- break -}}
 {{- end }}
{{- end }}

{{- $_ := set . "CandiVersionMap" $versionMap }}
---
# Terraform Versions
{{- $_ := set . "TF" (.Files.Get "candi/terraform_versions.yml" | fromYaml) }}

# Source repo  settings
{{- $_ := set . "SOURCE_REPO" (env "SOURCE_REPO" | default "https://github.com") }}

# goproxy  settings
{{- $_ := set . "GOPROXY" (env "GOPROXY") }}

---
artifact: jq
from: {{ $.Images.BASE_ALPINE_DEV }}
git:
- url: {{ .SOURCE_REPO }}/jqlang/jq
  add: /
  to: /src
  commit: b6be13d5de6dd7d8aad5fd871eb6b0b30fc7d7f6
  stageDependencies:
    install:
    - "**/*"
ansible:
  install:
  - shell: |
      cd /src
      autoreconf -fi
      ./configure \
        --prefix=/usr \
        --sysconfdir=/etc \
        --mandir=/usr/share/man \
        --localstatedir=/var \
        --disable-docs
      make LDFLAGS=-all-static
      make prefix=/usr install

---
artifact: yq4-artifact
from: {{ $.Images.BASE_GOLANG_19_ALPINE_DEV }}
mount:
  - fromPath: ~/go-pkg-cache
    to: /go/pkg
shell:
  install:
  - export GOPROXY={{ .GOPROXY }}
  - git clone {{ .SOURCE_REPO }}/mikefarah/yq --branch "v4.9.6"
  - cd yq/
  - CGO_ENABLED=0 GOOS=linux go build -ldflags '-s -w -extldflags "-static"' -o /usr/local/bin/yq

---
artifact: yq-artifact
from: {{ $.Images.BASE_GOLANG_19_ALPINE_DEV }}
mount:
  - fromPath: ~/go-pkg-cache
    to: /go/pkg
shell:
  install:
  - export GOPROXY={{ .GOPROXY }}
  - git clone {{ .SOURCE_REPO }}/mikefarah/yq --branch v2.4.1
  - cd yq/
  - CGO_ENABLED=0 GOOS=linux go build -ldflags '-s -w -extldflags "-static"' -o /usr/local/bin/yq

---
artifact: semver-artifact
from: {{ $.Images.BASE_ALPINE_DEV }}
shell:
  install:
  - git clone {{ .SOURCE_REPO }}/fsaintjacques/semver-tool --branch 2.1.0
  - cd /semver-tool/
  - make install

---
artifact: tini-artifact
from: {{ $.Images.BASE_ALPINE_DEV }}
shell:
  install:
  - git clone {{ .SOURCE_REPO }}/krallin/tini --branch v0.19.0
  - cd /tini/
  - export CFLAGS="-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37"
  - cmake . && make

---
{{- define "base components imports" }}
- artifact: tini-artifact
  add: /tini/tini-static
  to: /usr/bin/tini
  before: setup
- artifact: semver-artifact
  add: /usr/local/bin/semver
  to: /usr/local/bin/semver
  before: setup
  {{- range $k8sVersion := tuple "1.25" "1.28" }}
    {{- $image_version := printf "%s.%d" $k8sVersion (index $.CandiVersionMap "k8s" $k8sVersion "patch") | replace "." "-" }}
- artifact: common/kubernetes-artifact-{{ $image_version }}
  add: /src/_output/bin/kubectl
  to: /usr/local/bin/kubectl-{{ $k8sVersion }}
  before: setup
  {{- end }}
{{- end }}

{{- define "base components" }}
- name: "Install kubectl wrapper"
  copy:
    content: |
      {{- .Files.Get "deckhouse-controller/files/kubectl_wrapper.sh" | nindent 8 }}
    dest: /usr/local/bin/kubectl
    mode: +x

- name: "Shell comfort: inputrc"
  copy:
    content: |
      {{- .Files.Get "deckhouse-controller/files/inputrc" | nindent 8 }}
    dest: /etc/inputrc

- name: "Shell comfort: bashrc"
  copy:
    content: |
      {{- .Files.Get "deckhouse-controller/files/bashrc" | nindent 8 }}
    dest: /etc/bashrc

- name: "Shell comfort: add bashrc for root"
  shell: |
    rm -f /root/.bashrc
    ln -s /etc/bashrc /root/.bashrc

- name: "Shell comfort: add bashrc for nobody"
  shell: |
    rm -f /.bashrc
    ln -s /etc/bashrc /.bashrc


- name: "Shell comfort: create /etc/vim"
  shell: mkdir -p /etc/vim/

- name: "Shell comfort: vimrc.local"
  copy:
    content: |
      {{- .Files.Get "deckhouse-controller/files/vimrc.local" | nindent 8 }}
    dest: /etc/vim/vimrc.local
{{- end }}

image: common-base
from: {{ .Images.BASE_ALT }}
import:
- artifact: dev-alt-artifact
  add: /
  to: /
  before: setup
  includePaths:
  - lib64/libz.so*
  - lib64/libexpat.so*
  - lib64/libssl.so.*
  - lib64/libcrypto.so.*
  - etc/pki
  - usr/share/ca-certificates/ca-bundle.crt
  - usr/bin/python3
  - usr/bin/python3.9
  - usr/lib/python3
  - usr/lib64/python3
  - usr/lib64/python3.9
  - usr/lib64/libffi.so*
  - usr/share/vim
  - etc/vim
  - etc/bash_completion.d
  - etc/bashrc.d/bash_completion.sh
  - usr/share/bash-completion
  - usr/bin/vim-console

  {{- include "base components imports" . }}

- image: common/distroless
  add: /etc/ssl
  to: /etc/ssl
  before: setup

- artifact: registrypackages/d8-curl-artifact-8-2-1
  add: /d8-curl
  to: /usr/bin/curl
  before: setup

ansible:
  beforeInstall:
  {{- include "base components" . | nindent 2 }}

---
image: base-for-go
from: {{ .Images.BASE_ALT_DEV }}
import:
  {{- include "base components imports" . }}
ansible:
  beforeInstall:
  {{- include "base components" . | nindent 2 }}

---
{{- define "exclude_modules_dir_from_images" }}
- docs
- modules/*/docs
- modules/*/README.md
- modules/*/images
- modules/*/hooks/**/*.go
- modules/*/template_tests
- modules/*/.namespace
- modules/*/values_matrix_test.yaml
- modules/*/apis/**/*.go
- modules/*/requirements/**/*.go
- modules/*/settings-conversion/**/*.go
- modules/*/hack/**/*.go
- global-hooks/**/*.go
- candi/cloud-providers/*/layouts
- candi/cloud-providers/*/terraform-modules
- '**/testdata'
{{- end}}

---
artifact: dev-alt-artifact
from: {{ .Images.BASE_ALT_DEV }}
shell:
  install:
  - /binary_replace.sh -i "/usr/bin/ssh /usr/bin/ssh-agent /usr/bin/ssh-add /usr/bin/scp /usr/bin/envsubst" -o /relocate

---
artifact: golangci-lint-artifact
from: {{ $.Images.BASE_GOLANG_21_ALPINE_DEV }}
shell:
  install:
  - export GOPROXY={{ .GOPROXY }}
  - git clone --depth 1 {{ .SOURCE_REPO }}/golangci/golangci-lint --branch v1.55.2
  - cd golangci-lint/
  - CGO_ENABLED=0 GOOS=linux go build -ldflags '-s -w -extldflags "-static"' -o /usr/local/bin/golangci-lint cmd/golangci-lint/main.go

---
image: dev-prebuild
fromImage: common-base
git:
- add: /
  to: /deckhouse
  includePaths:
  - candi
  - modules
  - global-hooks
  - shell_lib.sh
  - shell_lib
  - deckhouse-controller/entrypoint.sh
  - deckhouse-controller/crds/*.yaml
  - jq_lib
  - helm_lib
  - python_lib
  excludePaths:
{{- include "exclude_modules_dir_from_images" .  | nindent 2}}
{{ .Files.Get (printf "tools/build_includes/modules-excluded-%s.yaml" .Env) | nindent 2}}
- url: {{ .SOURCE_REPO }}/flant/shell-operator
  tag: v1.4.5
  add: /frameworks/shell
  to: /deckhouse/shell-operator/frameworks/shell
{{ .Files.Get (printf "tools/build_includes/modules-with-exclude-%s.yaml" .Env) }}
{{ .Files.Get (printf "tools/build_includes/candi-%s.yaml" .Env) }}
import:
- artifact: deckhouse-controller
  add: /out/deckhouse-controller
  to: /usr/bin/deckhouse-controller
  after: setup
- artifact: jq
  add: /usr/bin/jq
  to: /usr/bin/jq
  after: setup
- artifact: version-map-artifact
  add: /version_map_{{ $.Env }}.yml
  to: /deckhouse/candi/version_map.yml
  after: setup
mount:
- fromPath: ~/go-pkg-cache
  to: /go/pkg
ansible:
  setup:
{{- range $key := list "default" "managed" "minimal" }}
  - name: "Add bundle {{ $key }}"
    copy:
      content: |
      {{- range $_, $edition := $.Editions }}
        {{- $.Files.Get (printf "%s/values-%s.yaml" $edition.modulesDir $key ) | nindent 8 }}
        {{- if eq $.Env $edition.name }}
           {{- break -}}
        {{- end }}
     {{- end }}
      dest: /deckhouse/modules/values-{{ $key }}.yaml
{{- end }}

  - name: "Add version info"
    copy:
      content: |
        {{- env "CI_COMMIT_TAG" | default "dev" | nindent 8 }}
      dest: /deckhouse/version

  - name: "Add edition info"
    copy:
      content: |
        {{- .Env | default "unknown" | nindent 8 }}
      dest: /deckhouse/edition

  - name: "Override deckhouse entrypoint to use tini as supervisor"
    shell: |
      echo -e "#!/bin/bash\nexec tini -- /deckhouse/deckhouse-controller/entrypoint.sh" > /deckhouse/deckhouse
      chmod +x /deckhouse/deckhouse

  - name: "Create symlink to grant entrypoint.sh write permission"
    shell: |
      ln -fs /tmp/values.yaml /deckhouse/modules/values.yaml

  - name: "Create deckhouse group"
    group:
      name: deckhouse
      gid: 64535

  - name: "Create deckhouse user"
    user:
      name: deckhouse
      password: "!"
      uid: 64535
      group: deckhouse
      comment: deckhouse
      home: /
      shell: /sbin/nologin

  - name: "Run deckhouse from dedicated user"
    file:
      path: /deckhouse/
      state: directory
      recurse: yes
      owner: 64535
      group: 64535

  - name: "Create symlink to vim-console"
    shell: |
      ln -fs /usr/bin/vim-console /usr/bin/vim
      ln -fs /usr/bin/vim-console /usr/bin/vi

docker:
  ENV:
    MODULES_DIR: /deckhouse/modules
    GLOBAL_HOOKS_DIR: /deckhouse/global-hooks
    PYTHONPATH: /deckhouse/python_lib
    LC_ALL: C

---
image: tests-prebuild
fromImage: base-for-go
git:
- add: /
  to: /deckhouse
  stageDependencies:
    install:
    - go.mod
    - go.sum
  includePaths:
  - deckhouse-controller
  - dhctl
  - candi
  - modules
  - global-hooks
  - go_lib
  - shell_lib.sh
  - shell_lib
  - jq_lib
  - helm_lib
  - testing
  - go.mod
  - go.sum
  - editions.yaml
  excludePaths:
  {{ .Files.Get (printf "tools/build_includes/modules-excluded-%s.yaml" .Env) | nindent 2}}
  - docs
  - modules/*/docs
  - modules/*/README.md
  - modules/*/images
  - modules/*/webhooks
  - modules/0[1-9][1-9]-*/crds     # we need here only the 000-common/crds
  - modules/[1-9][0-9][0-9]-*/crds
  - candi/cloud-providers/*/layouts
  - candi/cloud-providers/*/terraform-modules
- url: https://github.com/flant/shell-operator
  tag: v1.1.3
  add: /frameworks/shell
  to: /deckhouse/shell-operator/frameworks/shell
{{ .Files.Get (printf "tools/build_includes/modules-%s.yaml" .Env) }}
{{ .Files.Get (printf "tools/build_includes/candi-%s.yaml" .Env) }}
import:
- artifact: deckhouse-controller
  add: /out/deckhouse-controller
  to: /usr/bin/deckhouse-controller
  after: setup
- artifact: jq
  add: /usr/bin/jq
  to: /usr/bin/jq
  after: setup
- artifact: version-map-artifact
  add: /version_map_{{ $.Env }}.yml
  to: /deckhouse/candi/version_map.yml
  after: setup
- artifact: golangci-lint-artifact
  add: /usr/local/bin/golangci-lint
  to: /usr/local/bin/golangci-lint
  before: install
mount:
- fromPath: ~/go-pkg-cache
  to: /go/pkg
ansible:
  install:
  - name: "Install ginkgo"
    command: go install github.com/onsi/ginkgo/ginkgo@latest

  - name: "Install dlv"
    command: go install github.com/go-delve/delve/cmd/dlv@latest

  setup:
  - name: "Migrate internal packages imports"
    shell: |
      {{- range $_, $edition := $.Editions }}
        {{- if not $edition.skipFixingImports }}
      find /deckhouse/modules/* -type f -name '*.go' -exec sed -E -i 's|github.com/deckhouse/deckhouse/{{ $edition.modulesDir }}|github.com/deckhouse/deckhouse/modules|g' {} +
        {{- end }}
      {{- end }}

docker:
  ENV:
    ADDON_OPERATOR_NAMESPACE: tests
    DECKHOUSE_POD: tests
    MODULES_DIR: /deckhouse/modules
    GLOBAL_HOOKS_DIR: /deckhouse/global-hooks
    PATH: ${PATH}:/usr/local/go/bin:/root/go/bin

---
artifact: deckhouse-controller
fromImage: base-for-go
git:
- add: /
  to: /deckhouse
  includePaths:
    - dhctl
    - deckhouse-controller
    - global-hooks/**/*.go
    - go_lib/**/*.go
    - modules/**/*.go
    - go_lib/**/go.mod
    - go_lib/**/go.sum
    - go.mod
    - go.sum
    - tools
    - editions.yaml
  excludePaths:
    {{ .Files.Get (printf "tools/build_includes/modules-excluded-%s.yaml" .Env) | nindent 4}}
    - global-hooks/**/*_test.go
    - modules/**/*_test.go
    - modules/*/images
    - dhctl/development
    - deckhouse-controller/development
    - deckhouse-controller/cmd/deckhouse-controller/register-go-hooks.go
  stageDependencies:
    setup:
      - dhctl/go.mod
      - dhctl/go.sum
      - go.mod
      - go.sum
      - dhctl/**/*.go
      - deckhouse-controller/**/*.go
      - deckhouse-controller/go-build.sh
      - global-hooks/**/*.go
      - go_lib/**/*.go
      - go_lib/**/go.mod
      - go_lib/**/go.sum
      - modules/**/*.go
      - editions.yaml
{{ .Files.Get (printf "tools/build_includes/modules-with-dependencies-%s.yaml" .Env) }}
{{ .Files.Get (printf "tools/build_includes/candi-%s.yaml" .Env) }}
mount:
- fromPath: ~/go-pkg-cache
  to: /go/pkg
shell:
  beforeInstall:
  - mkdir /deckhouse /out

  setup:
  # Migrate internal packages imports
{{- range $_, $edition := $.Editions }}
  {{- if not $edition.skipFixingImports }}
  - find /deckhouse/modules/* -type f -name '*.go' -exec sed -E -i 's|github.com/deckhouse/deckhouse/{{ $edition.modulesDir }}|github.com/deckhouse/deckhouse/modules|g' {} +
  {{- end }}
{{- end }}
  - cd /deckhouse
  # Generate hooks imports for particular edition
  - go generate ./tools/register.go
  # Go modules depend on `register-go-hooks.go` file, hence we cannot split downloading dependencies and building
  # into separate phases.
  - go mod download
  - cd /deckhouse/deckhouse-controller
  - ./go-build.sh
  - mv deckhouse-controller /out

---
artifact: dhctl
fromImage: base-for-go
git:
- add: /dhctl
  to: /dhctl
  stageDependencies:
    install:
    - go.mod
    - go.sum
    setup:
    - "**/*.go"
    - Makefile
- add: /go_lib/registry-packages-proxy
  to: /go_lib/registry-packages-proxy
  stageDependencies:
    install:
      - go.mod
      - go.sum
    setup:
      - "**/*.go"
mount:
- fromPath: ~/go-pkg-cache
  to: /go/pkg
shell:
  install:
    - cd /dhctl && go mod download
  setup:
    - cd /dhctl && D8_VERSION={{- env "CI_COMMIT_TAG" | default "dev" }} make build
---
image: dev/install
from: {{ .Images.BASE_ALT }}
git:
- add: /
  to: /deckhouse
  includePaths:
  - candi
{{ .Files.Get (printf "tools/build_includes/candi-%s.yaml" .Env) }}
import:
- artifact: dhctl
  add: /dhctl/bin/dhctl
  to: /usr/bin/dhctl
  after: setup
- image: dev-prebuild
  add: /deckhouse
  to: /deckhouse
  includePaths:
  - modules/*/openapi/config-values.yaml
  - global-hooks/openapi/config-values.yaml
  after: setup
- artifact: terraform # from modules/040-terraform-manager/images/terraform-manager-base/werf.inc.yaml
  add: /terraform/terraform
  to: /bin/terraform
  before: setup
- artifact: terraform # from modules/040-terraform-manager/images/terraform-manager-base/werf.inc.yaml
  add: /root/.terraformrc
  to: /etc/terraformrc
  before: setup
{{- range $_, $edition := $.Editions }}
  {{- if $edition.terraformProviders }}
    {{- range $_, $tfProvider := $edition.terraformProviders }}
      {{- $tf := index $.TF $tfProvider }}

- artifact: {{ $tf.artifact }} # from modules/040-terraform-manager/images/terraform-manager-{PROVIDER}/werf.inc.yaml
  add: /{{ $tf.artifactBinary }}
  to: /usr/local/share/terraform/plugins/registry.terraform.io/{{ $tf.namespace }}/{{ $tf.type }}/{{ $tf.version }}/linux_amd64/{{ $tf.destinationBinary }}
  before: setup

    {{- end }}
  {{- end }}
  {{- if eq $.Env $edition.name }}
    {{- break -}}
  {{- end }}
{{- end }}
- image: images-digests
  add: /images_digests.json
  to: /deckhouse/candi/images_digests.json
  after: setup
- artifact: version-map-artifact
  add: /version_map_{{ $.Env }}.yml
  to: /deckhouse/candi/version_map.yml
  after: setup
- image: deckhouse-image-hash
  add: /deckhouse_digest.txt
  to: /deckhouse/image_digest
  after: setup
- artifact: dev-alt-artifact
  add: /
  to: /
  before: setup
  includePaths:
  - etc/pki
  - usr/share/ca-certificates/ca-bundle.crt
  - usr/share/vim
  - etc/vim
  - etc/bash_completion.d
  - etc/bashrc.d/bash_completion.sh
  - usr/share/bash-completion
  - usr/bin/vim-console
- artifact: dev-alt-artifact
  add: /relocate
  to: /
  before: setup
docker:
  ENV:
    EDITOR: vim
    TF_CLI_CONFIG_FILE: /etc/terraformrc
shell:
  setup:
  - |
    cat <<"EOD" > /etc/inputrc
    {{- .Files.Get "deckhouse-controller/files/inputrc" | nindent 4 }}
    EOD

    cat <<"EOD" > /etc/bashrc
    PS1='\[\033[01;30m\][deckhouse]\[\033[00m\] \[\033[01;33m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '

    source /etc/bashrc.d/bash_completion.sh
    EOD

    rm -f /root/.bashrc
    ln -s /etc/bashrc /root/.bashrc
    rm -f  /.bashrc
    ln -s /etc/bashrc /.bashrc

    ln -fs /usr/bin/vim-console /usr/bin/vim
    ln -fs /usr/bin/vim-console /usr/bin/vi

    mkdir -p /etc/vim
    cat <<"EOD" > /etc/vim/vimrc.local
    {{- .Files.Get "deckhouse-controller/files/vimrc.local" | nindent 4 }}
    EOD

    echo 'eval "$(dhctl --completion-script-bash)"' >> /etc/bashrc

    echo '{{- env "CI_COMMIT_TAG" | default "dev" }}' > /deckhouse/version

---
image: release-channel-version-prebuild
from: {{ .Images.BASE_ALPINE_DEV }}
dependencies:
- image: dev
  before: setup
  imports:
  - type: ImageDigest
    targetEnv: deckhouseImageDigest
import:
- artifact: yq-artifact
  add: /usr/local/bin/yq
  to: /usr/local/bin/yq
  before: install
shell:
  install:
  - |
    version="{{ env "CI_COMMIT_REF_NAME" }}"
    yq w /deckhouse/release.yaml version $version digest $deckhouseImageDigest | yq r - -j > version.json
    # changelog exists only for tags, we have to skip it for branches
    {{- $changelog := index (.Files.Glob "CHANGELOG/CHANGELOG-*") (printf "CHANGELOG/CHANGELOG-%s.yml" (env "CI_COMMIT_REF_NAME")) }}
    {{ if $changelog }}
    cat <<"EOF" > /changelog.yaml
    {{ $changelog | nindent 6 }}
    EOF
    {{ end }}
git:
- add: /
  to: /deckhouse
  includePaths:
  - release.yaml

---
image: release-channel-version
from: {{ .Images.BASE_SCRATCH }}
import:
- image: release-channel-version-prebuild
  add: /
  to: /
  after: install
  includePaths:
  - version.json
  - changelog.yaml

# modules_images
{{- define "module_image_template" }}
{{- if eq .ImageInstructionType "Dockerfile" }}
---
image: {{ .ModuleName }}/{{ .ImageName }}
context: {{ .ModulePath }}modules/{{ .ModulePriority }}-{{ .ModuleName }}/images/{{ .ImageName }}
dockerfile: Dockerfile
args:
  BASE_ALPINE: {{ .Images.BASE_ALPINE }}
  BASE_ALPINE_DEV: {{ .Images.BASE_ALPINE_DEV }}
  BASE_ALT: {{ .Images.BASE_ALT }}
  BASE_ALT_DEV: {{ .Images.BASE_ALT_DEV }}
  BASE_GOLANG_ALPINE: {{ .Images.BASE_GOLANG_ALPINE }}
  BASE_GOLANG_ALPINE_DEV: {{ .Images.BASE_GOLANG_ALPINE_DEV }}
  BASE_GOLANG_16_ALPINE: {{ .Images.BASE_GOLANG_16_ALPINE }}
  BASE_GOLANG_16_ALPINE_DEV: {{ .Images.BASE_GOLANG_16_ALPINE_DEV }}
  BASE_GOLANG_17_ALPINE: {{ .Images.BASE_GOLANG_17_ALPINE }}
  BASE_GOLANG_17_ALPINE_DEV: {{ .Images.BASE_GOLANG_17_ALPINE_DEV }}
  BASE_GOLANG_BUSTER: {{ .Images.BASE_GOLANG_BUSTER }}
  BASE_GOLANG_BUSTER_DEV: {{ .Images.BASE_GOLANG_BUSTER_DEV }}
  BASE_GOLANG_16_BUSTER: {{ .Images.BASE_GOLANG_16_BUSTER }}
  BASE_GOLANG_17_BUSTER: {{ .Images.BASE_GOLANG_17_BUSTER }}
  BASE_GOLANG_18_ALPINE: {{ .Images.BASE_GOLANG_18_ALPINE }}
  BASE_GOLANG_18_ALPINE_DEV: {{ .Images.BASE_GOLANG_18_ALPINE_DEV }}
  BASE_GOLANG_19_ALPINE: {{ .Images.BASE_GOLANG_19_ALPINE }}
  BASE_GOLANG_19_ALPINE_DEV: {{ .Images.BASE_GOLANG_19_ALPINE_DEV }}
  BASE_GOLANG_19_BULLSEYE: {{ .Images.BASE_GOLANG_19_BULLSEYE }}
  BASE_GOLANG_19_BULLSEYE_DEV: {{ .Images.BASE_GOLANG_19_BULLSEYE_DEV }}
  BASE_GOLANG_19_BUSTER: {{ .Images.BASE_GOLANG_19_BUSTER }}
  BASE_GOLANG_20_ALPINE: {{ .Images.BASE_GOLANG_20_ALPINE }}
  BASE_GOLANG_20_ALPINE_DEV: {{ .Images.BASE_GOLANG_20_ALPINE_DEV }}
  BASE_GOLANG_20_BULLSEYE: {{ .Images.BASE_GOLANG_20_BULLSEYE }}
  BASE_GOLANG_20_BULLSEYE_DEV: {{ .Images.BASE_GOLANG_20_BULLSEYE_DEV }}
  BASE_GOLANG_20_BUSTER: {{ .Images.BASE_GOLANG_20_BUSTER }}
  BASE_GOLANG_21_ALPINE: {{ .Images.BASE_GOLANG_21_ALPINE }}
  BASE_GOLANG_21_ALPINE_DEV: {{ .Images.BASE_GOLANG_21_ALPINE_DEV }}
  BASE_GOLANG_21_BULLSEYE: {{ .Images.BASE_GOLANG_21_BULLSEYE }}
  BASE_GOLANG_21_BULLSEYE_DEV: {{ .Images.BASE_GOLANG_21_BULLSEYE_DEV }}
  BASE_NGINX_ALPINE:  {{ .Images.BASE_NGINX_ALPINE }}
  BASE_NGINX_ALPINE_DEV:  {{ .Images.BASE_NGINX_ALPINE_DEV }}
  BASE_NODE_16_ALPINE: {{ .Images.BASE_NODE_16_ALPINE }}
  BASE_NODE_16_ALPINE_DEV: {{ .Images.BASE_NODE_16_ALPINE_DEV }}
  BASE_PYTHON_ALPINE:  {{ .Images.BASE_PYTHON_ALPINE }}
  BASE_PYTHON_ALPINE_DEV:  {{ .Images.BASE_PYTHON_ALPINE_DEV }}
  BASE_SHELL_OPERATOR: {{ .Images.BASE_SHELL_OPERATOR }}
  BASE_UBUNTU: {{ .Images.BASE_UBUNTU }}
  BASE_UBUNTU_BIONIC: {{ .Images.BASE_UBUNTU_BIONIC }}
  BASE_UBUNTU_DEV: {{ .Images.BASE_UBUNTU_DEV }}
  BASE_JEKYLL: {{ .Images.BASE_JEKYLL }}
  BASE_SCRATCH: {{ .Images.BASE_SCRATCH }}
  SOURCE_REPO: {{ .SOURCE_REPO }}
  # proxies for various packages
  GOPROXY: {{ .GOPROXY }}
  {{- if not (has (list .ModuleName .ImageName | join "/") (list "common/distroless")) }}
dependencies:
- image: common/distroless
  imports:
  - type: ImageName
    targetBuildArg: BASE_DISTROLESS
- image: common/iptables-wrapper
  imports:
  - type: ImageName
    targetBuildArg: BASE_IPTABLES_WRAPPER
  {{- end }}
{{- else }}
{{ tpl .ImageBuildData . }}
{{- end }}
{{- end }}

{{- $Root := . }}
{{- $ModulesImagesDigestList := list }}
{{- $ExcludedModulesDict := dict }}

# Collect images if desired for editions
{{- $ModulesImagesBuildFiles := dict }}
{{- range $_, $edition := $.Editions }}
  {{- if not $edition.skipCollectImages }}
    {{ $ModulesImagesBuildFiles = merge $ModulesImagesBuildFiles ($.Files.Glob (printf "%s/*/images/*/{Dockerfile,werf.inc.yaml}" $edition.modulesDir)) }}
  {{- end }}

  {{- if eq $.Env $edition.name }}
    {{- if $edition.excludeModules }}
      {{- range $_, $exludeModuleName := $edition.excludeModules }}
        {{- $_ := set $ExcludedModulesDict (printf "%s" $exludeModuleName) "true" }}
      {{- end }}
    {{- end }}

    {{- break -}}
  {{- end }}
{{- end }}

{{- range $path, $content := $ModulesImagesBuildFiles  }}
  {{- $ctx := dict }}
  {{- if regexMatch "/werf.inc.yaml$" $path }}
  {{- $_ := set $ctx "ImageInstructionType" "Stapel" }}
  {{- else }}
  {{- $_ := set $ctx "ImageInstructionType" "Dockerfile" }}
  {{- end }}
  {{- $ImageData := regexReplaceAll "^(.*)modules/([0-9]+)-([a-z0-9-]+)/images/([0-9a-z-_]+)/(Dockerfile|werf.inc.yaml)$" $path "${1}#${2}#${3}#${4}" | split "#" }}
  {{- $moduleName := $ImageData._2 }}
  # exclude modules and images from editions
  {{- if hasKey $ExcludedModulesDict $moduleName }}
    {{- continue -}}
  {{- end }}

  {{- $_ := set $ctx "CandiVersionMap" $.CandiVersionMap }}
  {{- $_ := set $ctx "ModulePath" $ImageData._0 }}
  {{- $_ := set $ctx "ModulePriority" $ImageData._1 }}
  {{- $_ := set $ctx "ModuleName" $moduleName }}
  {{- $_ := set $ctx "ImageName" $ImageData._3 }}
  {{- $_ := set $ctx "ImageBuildData" $content }}
  {{- $_ := set $ctx "Files" $Root.Files }}
  {{- $_ := set $ctx "Env" $Root.Env }}

  {{- $_ := set $ctx "Images" $Root.Images }}
  {{- $_ := set $ctx "CandiVersionMap" $Root.CandiVersionMap }}
  {{- $_ := set $ctx "TF" $Root.TF }}
  {{- $_ := set $ctx "SOURCE_REPO" $Root.SOURCE_REPO }}
  {{- $_ := set $ctx "GOPROXY" $Root.GOPROXY }}
---
{{ include "module_image_template" $ctx }}
  {{- range $ImageYamlMainfest := regexSplit "\n?---[ \t]*\n" (include "module_image_template" $ctx) -1 }}
    {{- $ImageManifest := $ImageYamlMainfest | fromYaml }}
    {{- if $ImageManifest.image }}
      {{- $ModulesImagesDigestList = append $ModulesImagesDigestList $ImageManifest.image }}
    {{- end }}
  {{- end }}
{{- end }}

---
image: images-digests
from: {{ .Images.BASE_ALPINE }}
dependencies:
{{- range $imageDigest := $ModulesImagesDigestList }}
  {{- $ModuleNameCamel := $imageDigest | splitList "/" | first | camelcase | untitle }}
  {{- $ImageDigestCamel  := $imageDigest | splitList "/" | last  | camelcase | untitle }}
- image: {{ $imageDigest }}
  before: setup
  imports:
  - type: ImageDigest
    targetEnv: MODULE_IMAGE_DIGEST_{{ $ModuleNameCamel }}_{{ $ImageDigestCamel }}
{{- end }}
import:
- artifact: jq
  add: /usr/bin/jq
  to: /usr/bin/jq
  before: setup
shell:
  setup:
  - |
    touch digests_full.lst
    # Here we have list of records like "MODULE_IMAGE_DIGEST_moduleName_sha256:imageDigest", which we parse
    for line in `env | grep MODULE_IMAGE_DIGEST_`
    do
      digestKey=`echo $line | cut -f 4- -d '_' | cut -f 1 -d '='`
      imageDigest=`echo $line | cut -f 4- -d '_' | cut -f 2 -d '='`
      echo $digestKey'='$imageDigest >> digests_full.lst
    done
    cat digests_full.lst | jq -Rn '
      reduce inputs as $i (
        {};
        . * (
          $i | sub("=";"_") |
          split("_") as [$moduleName, $imageName, $digest] |
          {($moduleName): {($imageName): $digest}}
        )
      )
    ' > /images_digests.json

---
image: deckhouse-image-hash
from: {{ .Images.BASE_ALPINE }}
dependencies:
- image: dev
  before: setup
  imports:
  - type: ImageDigest
    targetEnv: MODULE_IMAGE_DIGEST
shell:
  setup:
  - echo ${MODULE_IMAGE_DIGEST} >> /deckhouse_digest.txt

---
image: dev
fromImage: dev-prebuild
import:
- image: images-digests
  add: /images_digests.json
  to: /deckhouse/modules/images_digests.json
  after: setup
- image: images-digests
  add: /images_digests.json
  to: /deckhouse/modules/040-node-manager/images_digests.json
  after: setup
---
image: tests
fromImage: tests-prebuild
import:
- image: images-digests
  add: /images_digests.json
  to: /deckhouse/modules/images_digests.json
  after: setup
- image: images-digests
  add: /images_digests.json
  to: /deckhouse/modules/040-node-manager/images_digests.json
  after: setup

---
artifact: version-map-artifact
from: {{ .Images.BASE_ALPINE }}
import:
- artifact: yq-artifact
  add: /usr/local/bin/yq
  to: /usr/local/bin/yq
  before: install
git:
- add: /
  to: /
  stageDependencies:
    setup:
    {{- range $_, $edition := $.Editions }}
      {{- if $edition.versionMapFile }}
      - {{ $edition.versionMapFile }}
      {{- end }}
    {{- end }}
  includePaths:
{{- range $_, $edition := $.Editions }}
  {{- if $edition.versionMapFile }}
  - {{ $edition.versionMapFile }}
  {{- end }}
{{- end }}
shell:
  setup:
{{- $previousEditionFile := "" }}
{{- range $_, $edition := $.Editions }}
  {{- $curEditionFile := printf "/version_map_%s.yml" $edition.name }}
  {{- if $edition.versionMapFile }}
    {{- $tmpEditionFile := printf "%s.tmp" $curEditionFile }}

     {{- if $previousEditionFile }}
  - cp {{ $edition.versionMapFile }} {{ $tmpEditionFile }}
  - yq m {{ $previousEditionFile }} {{ $tmpEditionFile }} > {{ $curEditionFile }}

      {{- else }}

  - cp {{ $edition.versionMapFile }} {{ $curEditionFile }}

      {{- end }}

  {{- else }}

  - cp {{ $previousEditionFile }} {{ $curEditionFile }}

  {{- end }}

  {{- $previousEditionFile = $curEditionFile }}
{{- end }}

---
# use image for actual terraform version for infra deployment in e2e
image: e2e-terraform
# we use artifact with ubuntu because alpine can not unzip with `unzip` and `tar` command
# current openstack zip-archive with error: "unzip: zip flag 8 (streaming) is not supported"
from: {{ .Images.BASE_UBUNTU }}
shell:
  beforeInstall:
  - apt-get update
  - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends wget unzip git python3 python3-pip jq curl gettext-base bsdextrautils
  - pip3 install awscli
  - curl -LO https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl
  - install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
  - |
    mkdir /terraform
    mkdir -p /usr/local/share/terraform/plugins
    wget https://releases.hashicorp.com/terraform/1.4.0/terraform_1.4.0_linux_amd64.zip -O /terraform.zip
    unzip -d /terraform /terraform.zip
    chmod 755 /terraform/terraform
    cat << EOD > /root/.terraformrc
    provider_installation {
      filesystem_mirror {
        path    = "/usr/local/share/terraform/plugins"
        include = ["*/*/*"]
      }
    }
    EOD

    tf_providers=$(cat <<EOF
    aws 4.47.0 https://releases.hashicorp.com/terraform-provider-aws/4.47.0/terraform-provider-aws_4.47.0_linux_amd64.zip
    tls 4.0.4 https://releases.hashicorp.com/terraform-provider-tls/4.0.4/terraform-provider-tls_4.0.4_linux_amd64.zip
    kubernetes 2.10.0 https://releases.hashicorp.com/terraform-provider-kubernetes/2.10.0/terraform-provider-kubernetes_2.10.0_linux_amd64.zip
    cloudinit 2.2.0 https://releases.hashicorp.com/terraform-provider-cloudinit/2.2.0/terraform-provider-cloudinit_2.2.0_linux_amd64.zip
    random 3.4.3 https://releases.hashicorp.com/terraform-provider-random/3.4.3/terraform-provider-random_3.4.3_linux_amd64.zip
    EOF
    )

    echo "$tf_providers" | while read name ver url ; do

    dir=/usr/local/share/terraform/plugins/registry.terraform.io/hashicorp/${name}/${ver}/linux_amd64
    mkdir -p $dir
    wget -q $url -O /terraform-provider-${name}.zip
    unzip -d $dir /terraform-provider-${name}.zip
    chmod -R 755 $dir
    done

    touch /terraform.log
    chmod 755 /terraform.log
